CVE-2025-10696
BaseFortify
Publication date: 2025-10-03
Last updated on: 2025-12-22
Assigner: Fluid Attacks
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opensupports | opensupports | 4.11.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in OpenSupports 4.11.0 allows a Level 1 staff member to edit the list of 'supervised users' for any account without verifying if they own that list. As a result, they can modify supervision relationships of other users, enabling them to view tickets of users they should not have access to. This breaks the authorization model and exposes other users' ticket information improperly.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to sensitive ticket information by users who should not have permission to view it. It compromises data confidentiality and could result in information disclosure, potentially affecting user privacy and trust in the system.